The FreeBSD Project

This document lists errata items for FreeBSD
4.7-RELEASE, containing significant information
discovered after the release. This information includes
security advisories, as well as news relating to the
software or documentation that could affect its operation
or usability. An up-to-date version of this document
should always be consulted before installing this version
of FreeBSD.

This errata document for FreeBSD 4.7-RELEASE will be
maintained until the release of FreeBSD 4.8-RELEASE.

This errata document contains ``late-breaking news''
about FreeBSD 4.7-RELEASE. Before installing this version,
it is important to consult this document to learn about any
post-release discoveries or problems that may already have
been found and fixed.

Any version of this errata document actually distributed
with the release (for example, on a CDROM distribution)
will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the
``current errata'' for this release. These other copies of
the errata are located at http://www.FreeBSD.org/releases/, plus
any sites which keep up-to-date mirrors of this
location.

Source and binary snapshots of FreeBSD 4-STABLE also
contain up-to-date copies of this document (as of the time
of the snapshot).

Buffer overflows in kadmind(8) and k5admin could
potentially cause the administrative server to execute
arbitrary code. Bugfix and workaround information can be
found in security advisory FreeBSD-SA-02:40.

Errors in smrsh(8), which
could allow users to circumvent restrictions on what
programs can be executed, were fixed in FreeBSD
4.7-RELEASE. Because the applicable security advisory (FreeBSD-SA-02:41) was not issued after
the release, this fact was not included in the release
notes.

Buffer overflows in the DNS resolver(3), which
could cause some applications to fail, have been corrected.
This change was not mentioned in the release notes, as the
applicable security advisory (FreeBSD-SA-02:42) was not issued until
after the release.

Several vulnerabilities exist in the version of BIND included with FreeBSD
4.7-RELEASE. More information, including bugfixes and
workaround suggestions, can be found in security advisory
FreeBSD-SA-02:43.

A file descriptor leak in the fpathconf(2) system
call, can allow a local user to crash the system or cause a
privilege escalation. Bugfix information can be found in
security advisory FreeBSD-SA-02:44.

Remotely exploitable vulnerabilities in CVS could allow an attacker to
execute arbitrary comands on a CVS server. More details can
be found in security advisory FreeBSD-SA-03:01.

A timing-based attack on OpenSSL, could allow a very
powerful attacker access to plaintext under certain
circumstances. This problem has been corrected in FreeBSD
4.8-RC with an upgrade to OpenSSL 0.9.7. On supported
security fix branches, this problem has been corrected with
the import of OpenSSL 0.9.6i.
See security advisory FreeBSD-SA-03:02 for more details.

It may be possible to recover the shared secret key used
by the implementation of the ``syncookies'' feature. This
reduces its effectiveness in dealing with TCP SYN flood
denial-of-service attacks. Workaround information and fixes
are given in security advisory FreeBSD-SA-03:03.

Due to a buffer overflow in header parsing in sendmail, a remote attacker can
create a specially-crafted message that may cause sendmail(8) to
execute arbitrary code with the privileges of the user
running it, typically root. More
information, including pointers to patches, can be found in
security advisory FreeBSD-SA-03:04.

The XDR encoder/decoder does incorrect bounds-checking,
which could allow a remote attacker to cause a
denial-of-service. For bugfix information, see security
advisory FreeBSD-SA-03:05.

Due to concerns over the licensing terms for the matcd(4) driver
uncovered late in FreeBSD 4.7-RELEASE's release cycle, the
matcd(4) driver was
removed. These issues are being addressed and this driver
may reappear in a future release of FreeBSD.

The srelease distribution
contains object files for sysinstall(8) in
the release/sysinstall directory.
These files were generated during the release building
process but, for some reason, were not removed from the
distribution files. They are harmless.

The databases/rdfdb and mail/ssmtp packages included
in the 4.7-RELEASE package set cannot be installed
correctly. A workaround is to build and install these
programs using the Ports Collection.

The net/gnomeicu package included
in the 4.7-RELEASE package set may not run correctly, due
to a missing dependency on the net/gnet package. To work
around this problem, install net/gnet either from a
package or the Ports Collection, preferably before
installing net/gnomeicu.

The release notes for FreeBSD 4.7-RELEASE incorrectly
stated that the -J option to xargs(1) is
deprecated. In fact, there are no plans to remove this
option.

ftpd(8) has a bug
in its virtual hosting function triggered if /etc/ftphosts defines a virtual host
whose IP address can resolve back to a hostname. In that
case the daemon will be exiting on SIGSEGV (signal 11) if started from inetd(8), or may
malfunction unpredictably if running stand-alone. This bug
has been fixed in FreeBSD 4.8-RC.